What Is Happening at the Moment?
Firewalls are the first line of defense in protecting critical infrastructures in cyberspace. This makes them particularly attractive to attackers, and, by design, they are highly accessible because they exist directly online. Following some spectacular attacks on firewalls and IT management components , Checkpoint's security gateways are now affected .
At the beginning of June, the national security center of the German BSI issued a cybersecurity warning regarding the vulnerability identified as CVE-2024-24919 with a "high" criticality rating. The affected firewalls are used by approximately 1 800 companies in Germany alone . Globally, over 13 700 systems have been counted . This vulnerability has been used to attack not only political parties but also critical infrastructures .
The code for identifying and exploiting the vulnerability is easily available on public websites (Github). Potential targets are listed on specific search engines . Overall, the know-how required for the attack is easily accessible, reducing the effort and increasing the number of attackers. Therefore, it is not surprising that scans for potential vulnerable systems are “trending” .
It is also concerning that, according to heise online , two weeks after the emergency patch was released by Checkpoint, "only" [sic!] half of the affected organizations had addressed the vulnerability. This means that at that time, several hundred companies were still at risk due to this vulnerability.
What Do These Developments Mean?
Through this vulnerability, attackers can access the corporate network. Closing the gap only prevents future attacks. However, attackers may have already gained access. In the worst-case scenario, the IT/OT systems behind the firewall are already compromised. These compromised systems could also include OT firewalls that secure the networks of substations and power plants. Affected organizations must now ensure this is not the case. This effort is essential.
Due to the professionalization of attackers , advanced techniques , optimized division of labor, sophisticated value chains with multiple uses and rental of established footholds in the attacked network, the risk is hard to assess without in-depth competent integrity checks and log file analyses, and the damage can be potentially existential .
Currently, ransomware attacks on companies represent the biggest cyber threat . After successfully penetrating the corporate network, data is encrypted and a ransom is demanded (Keyword: "What are bitcoins and where can you get them?") .
Before encryption, the data may have been copied by the attackers. As a result, all confidential, personal, or infrastructure-specific data could already be in the hands of the attackers and their customers. This opens up countless additional attack vectors and dramatically increases the threat level.
What Can You Do?
1. Review Logs
2. Protocol Actions
3. Backups
4. IT and OT Coordination
7. Quick Response
8. Network Monitoring
11. Incident Management
By implementing these measures, you can significantly increase the security of your networks and minimize the risks of cyberattacks.